Organizations where risk management has a seat at executive management meetings are more likely to have high-performing programs
- Published: Wednesday, 17 April 2019 07:18
73 percent of high-performing risk programs that have risk management represented in executive management meetings (most or all the time) are more likely to exceed performance goals and achieve higher growth according to a new risk management survey by Deloitte.
Entitled ‘The current state of risk management: struggling and succeeding’ the survey findings confirm that investment in risk management, as well as representation in the C-suite (such as a chief risk officer (CRO)), translates into better financial performance and achievement of strategic priorities overall.
"Many organizations have, to varying degrees, upgraded and restructured their risk management functions, yet there is ample opportunity for continued improvement," said Chris Ruggeri, risk intelligence practice leader for Deloitte Risk and Financial Advisory and principal in Deloitte Transactions and Business Analytics LLP. "We found that the lack of awareness of risks, particularly strategic risks, and leaders not using the tools available to manage them, can greatly undermine the achievement of strategic goals."
In today's disruptive environment, a proper risk management program can improve organizational strategy, which can allow for more advancement and resilience. More than 90 percent of respondents believe that risk management is becoming more important to achieving their organization's strategic goals, and given its importance, it makes sense to have risk management present in key C-suite and board meetings. Yet, only 38 percent of responding chief risk officers (CROs) and risk managers say that they have a great deal of input to C-suite or board decisions.
Appointing a true CRO to the C-suite recognizes that risk is a senior-level concern and with a CRO leading the program, higher levels of integration can be expected. However, only 35 percent of C-suite risk owners characterize their risk management programs as highly integrated indicating there's still work left to do in helping the broader organization recognize risk management as more than a compliance and loss prevention function, but a strategic enabler that drives value. In addition, when risk management is present at board meetings always or most of the time, the likelihood that the function will have input increases dramatically — from 11 to 38 percent.
The survey results pointed to four central findings:
- Organizations that invest in, and integrate, risk management typically exceed performance goals and achieve higher growth.
- Risk management has become elevated — and more strategic — in many organizations.
- The case for appointing a CRO or equivalent who reports to the C-suite or board is strong.
- Organizations have clear opportunities to enhance risk management through technology.
"New technologies such as advanced analytics, risk sensing, and automated controls are becoming more integral to providing a clearer view of risk enterprise-wide," said Keri Calagna, a Deloitte Risk and Financial Advisory principal at Deloitte & Touche LLP. "As digital transformation takes hold of most organizations, the interconnectedness of an organization's various ecosystems and the sheer volume of data they create and process makes leveraging these tech-enabled solutions crucial to risk management of the future."
About the survey
The survey polled a total of 500 C-level executives including 100 executives with the title of chief risk officer (CRO) or equivalent, 100 C-suite executives not primarily responsible for risk, and 300 executives in risk-related functions such as IT and operational risk. This sample was drawn from US companies with at least US$500 million in annual sales in a cross-section of industries.